02/26/2015

Questions CIOs Should Ask Before Adopting Email Encryption

by Neil Farquharson

For companies and CIOs, making the decision to implement encryption is just the first step in the process towards email security. With so many solutions and providers out there, it can be a daunting task to find the right one.

Don’t worry — Zix has your back. Below are five questions CIOs should ask before they choose an email encryption solution:

Does the solution include a hosted, shared email encryption network?

Why not encrypt every email? The simple answer is that it’s really hard, and most solutions simply don’t accommodate the way people work today. Passwords? Portals? No one has the time to take those extra steps. By being part of a shared email encryption network, employees ensure that 100 percent of the emails they send to other users within the network are secured — and they don’t need to stop and take extra steps that slow down your business.

Does the solution offer policy-based encryption filters?

Policy-based encryption filters play an important role by identifying and protecting sensitive information in emails and attachments. Occasionally, even the best-intentioned employees might not think an email needs encrypting, or they might forget altogether. To ensure compliance and guarantee that all emails containing sensitive information are secure, CIO’s should look for solutions that offer policy filters that scan all outbound messages. Industry-specific filters that can be customized for your business are even better. If the system suspects an email contains sensitive information, it will determine which emails must be encrypted and which must be quarantined.

Is the solution easy to use?

Ultimately, email encryption is a business tool and should be seamless for both sender and receiver. Often, this is not the case, and wrinkles in the process can result in costly breaches in compliance (not to mention drops in productivity). An easy-to-use platform can help to ensure universal adoption within an organization. For instance, does the solution automatically decrypt inbound messages at the Gateway so recipients don’t need to bother? On the recipient side, does the solution automatically encrypt messages to simplify the process for them? Are reply, reply-all and forward messages automatically encrypted?

Does the solution provider have a proven solution and reliable track record?

Not all email encryption solutions or providers are created equal. Choosing a provider is a long-term commitment, so make sure you do your reference check and use a solution that other organizations in your industry trust. You should also check whether the infrastructure has any certifications and accreditations, such as SysTrust/SOC 3 or PCI Level 1.

Does your solution provider have you covered during and after the deployment?

The job isn’t over once an organization deploys an email encryption solution. First things first: Make sure you understand how long it will take to deploy the solution. You don’t want a major disruption to your business. It is possible to deploy a solution in less than a day. Once the solution is in place, employees at all levels must be educated on the ins and outs of email encryption and must understand how to use the solution. Additionally, you’ll want to make sure the solution is monitored and maintained by the vendor so it requires minimal ongoing resources from your team.

Are you in the process of selecting an email encryption solution? For more information on what to look for, check out our email encryption checklist.